24 lines
1.5 KiB
Markdown
24 lines
1.5 KiB
Markdown
# Java Multi-Version Conflict Detection
|
|
|
|
## Module
|
|
Scanner
|
|
|
|
## Status
|
|
IMPLEMENTED
|
|
|
|
## Description
|
|
Detects version conflicts where multiple versions of the same groupId:artifactId appear in the resolved dependency tree, flagging Maven nearest-wins and Gradle forced-version resolutions.
|
|
|
|
## Implementation Details
|
|
- **Conflict Detection**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/Conflicts/VersionConflictDetector.cs` - `VersionConflictDetector` identifies version conflicts where multiple versions of the same `groupId:artifactId` are resolved in the dependency tree, flagging Maven nearest-wins and Gradle forced-version resolution strategies
|
|
- **Language Analyzer Integration**:
|
|
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/JavaLanguageAnalyzer.cs` - `JavaLanguageAnalyzer` integrates conflict detection into the analysis pipeline
|
|
|
|
## E2E Test Plan
|
|
- [ ] Scan a Maven project with diamond dependency conflicts (A depends on B:1.0 and C which depends on B:2.0) and verify the conflict is detected
|
|
- [ ] Verify Maven "nearest-wins" resolution strategy is correctly identified and the winning version is reported
|
|
- [ ] Scan a Gradle project with forced version constraints (`!!` or `force = true`) and verify forced resolutions are flagged
|
|
- [ ] Verify conflict detection results include both the requested and resolved versions for each conflicting dependency
|
|
- [ ] Verify conflict information appears in scan findings with appropriate severity classification
|